Comments Off on Verizon Fixes Serious Securty Flaw In FiOS
Randy Westergren, a senior software developer with XDA Developers, looked at the Android version of My FiOS, which is used for account management, email and scheduling video recordings.
“Since Verizon has a good amount of my information, I thought it would be a good candidate for research,” Westergren wrote on his personal blog. “I was right, and the results were astonishing.”
The flaw, contained in the application’s API, could have allowed an attacker to read individual messages from a person’s Verizon inbox and even send emails from an account, he wrote.
Westergren looked at the traffic sent back and forth between My FiOS and Verizon’s servers. He found My FiOS would return the content of someone else’s email inbox by simply substituting a different user ID in a request.
He contacted Verizony, which later acknowledged the problem. Verizon issued a fix last Friday, Westergren wrote.
“Verizon’s security group seemed to immediately realize the impact of this vulnerability and took it very seriously,” Westergren wrote. “They were very responsive during this process and even arranged for a free year of FiOS Internet service as a token of their gratitude.”
The carrier had announced in July it would extend a practice it calls network optimization to unlimited LTE subscribers starting in October. Network optimization targets the top 5 percent of data users on the network when a cell site is under the heaviest demand, and slows down those users’ network performance. Verizon had already applied the practice to the top users of its 3G network.
“We’ve greatly valued the ongoing dialogue over the past several months concerning network optimization and we’ve decided not to move forward with the planned implementation of network optimization for 4G LTE customers on unlimited plans,” the carrier said in a statement on Wednesday. “Exceptional network service will always be our priority and we remain committed to working closely with industry stakeholders to manage broadband issues so that American consumers get the world-class mobile service they expect and value.”
U.S. Federal Communications Commission Chairman Tom Wheeler attacked the plan in a letter to Verizon, suggesting it was a ploy to get customers to switch from their unlimited plans to ones with a cap on monthly data usage. Verizon no longer sells new unlimited plans but allows subscribers with those plans to keep them.
“I know of no past Commission statement that would treat as ‘reasonable network management’ a decision to slow traffic to a user who has paid, after all, for ‘unlimited’ service,” Wheeler wrote in the late July letter to Verizon Wireless President and CEO Dan Mead.
Digital rights group Public Knowledge also attacked so-called data throttling, as well as practices by AT&T, Sprint and T-Mobile USA.
The showdown demonstrated the tension over increasing demand for mobile data, which carriers say puts a strain on their networks. Among other things, that demand has led operators to seek ever more spectrum and apply network management techniques they say are necessary to keep serving all subscribers well. Though LTE makes much more efficient use of the airwaves than 3G does, LTE networks are serving a rapidly growing number of subscribers.
Verizon Wireless reportedly has offered $1 billion to $1.5 billion to acquire some of Clearwire’s spectrum leases, possibly complicating Sprint Nextel’s attempt to buy out the company in conjunction with its acquisition by Softbank.
Clearwire is struggling financially but owns broad swaths of spectrum, the lifeblood of wireless networks. The April 8 bid from “Party J,” which Clearwire disclosed in a Securities and Exchange Commission filing on Friday, is the latest in a series of offers for its spectrum licenses. Unnamed people familiar with the matter identified “Party J” as Verizon Wireless, according to a report in The Wall Street Journal.
Clearwire is a key part of a complicated set of possible transactions that could make a much stronger competitor out of Sprint, the country’s third-largest mobile operator. Sprint already owns roughly half of Clearwire and is bidding about $2.2 billion to buy the rest of its stock. That deal depends on Softbank’s planned $20.1 billion offer for 70% of Sprint, which is still undergoing regulatory review.
Clearwire holds 150MHz of spectrum or more in most major markets of the U.S. Verizon would buy only a portion of that spectrum. “Party J offered to acquire Clearwire spectrum leases generally located in large markets,” Clearwire said in the Friday filing, a proxy statement to shareholders on the Sprint buyout bid. The proposed gross price of $1 billion to $1.5 billion would be reduced by what Clearwire pays for the leases, which could be substantial, according to Clearwire’s filing. The company said it would discuss the offer with “Party J” and Sprint.
They already sells phones and tablets, provides a wealth of online services and has been laying high-speed fiber to people’s homes. Now Google is apparently weighing the possibility of a wireless network service as well.
Google has been in talks with satellite TV provider Dish Network over a possible partnership to build out a wireless service that would rival those from carriers such as AT&T and Sprint, the Wall Street Journal reported late last week.
The talks are at an early stage and could amount to nothing, and Google is just one of many companies Dish is talking to, according to the Journal, which cited anonymous sources. But it raises the prospect that Google might expand its business in a new direction.
Dish has been buying spectrum that could support a wireless service, although it still needs regulatory approval to set one up. In an interview with the Journal Thursday, CEO Charlie Ergen said the partners Dish is talking to include companies that don’t currently have a wireless business.
Google declined to comment on the report, the newspaper said.
AT&T plans to buy NextWave Wireless, a holder of spectrum that could be used for mobile data services, for about $600 million.
NextWave owns licenses for spectrum in both the WCS (Wireless Communications Services) and the AWS (Advanced Wireless Services) band. AT&T said in a press release it plans to use that spectrum to feed “skyrocketing” demand for mobile data, but it will have to wait for an ongoing Federal Communications Commission review before it can take advantage of the WCS band.
The FCC auctioned WCS spectrum in 1997, but it has not been used for mobile data because of rules designed to prevent interference with satellite users in adjacent bands, AT&T said. In June, AT&T and satellite radio company Sirius XM filed a proposal to the FCC for using WCS while protecting the nearby satellite users, but the agency is still reviewing that plan. If it is approved, AT&T hopes to start using the WCS band in about three years.
The NextWave deal is only the latest in a series of moves by big mobile operators to secure more spectrum. AT&T characterized its proposed merger with T-Mobile USA last year, which was opposed by the FCC and other regulators, as first and foremost a deal to acquire spectrum. Verizon Wireless announced a deal earlier this year, which is still under FCC review, to acquire unused wireless licenses from major U.S. cable operators.
The U.S. Federal Communications Commission approved AT&T’s US$1.9 billion buying of spectrum from Qualcomm on Thursday, allowing the carrier to salvage one ambitious deal to acquire more spectrum, after squashing its planned merger with T-Mobile USA.
AT&T announced its plan to buy the Qualcomm spectrum last December, a few months before it revealed the much larger proposal to merge with T-Mobile for $39 billion. It said both were motivated by the need for more radio spectrum to increase the coverage and capacity of its LTE (Long-Term Evolution) network. AT&T withdrew the T-Mobile plan on Monday after the FCC, the Department of Justice and others said it was not in the public interest.
With the Qualcomm purchase, AT&T will get 6MHz of spectrum across the country in the coveted 700MHz band, as well as another 6MHz of spectrum in five major metropolitan areas: New York, Boston, Philadelphia, Los Angeles and San Francisco, according to the FCC’s order released Thursday. Those five markets represent about 70 million potential subscribers. The carrier has said it plans to use it as a supplemental downlink for its LTE network, allowing for faster and more consistent mobile data service.
Verizon Wireless finally announced that the Samsung Galaxy Nexus smartphone running Android 4.0 on its 4G LTE network will be available on Thursday in stores and online for $299.99 with a two-year agreement.
The announcement, which came late Wednesday, arrived after days of speculation that the phone was being delayed over a dispute between the carrier and Google over the Google Wallet application, which doesn’t work on Verizon’s version.
During the period many expected Verizon to release the Galaxy Nexus, problems with the carrier’s LTE network arose for nearly two days, pushing LTE users to Verizon’s slower 3G service.
But Verizon never admitted there was any delay in releasing the device and pointed out that it had never given an official release date until Wednesday.
Verizon will carry a 4G LTE version that supports download speeds of up to 12Mbps. Online sales were set to start at 1 a.m. ET Thursday.
The new device has many features putting it at the top of the market for competing smartphones, including one of the highest prices: $299.99. Many rivals are priced at $200 or $250 on other U.S. carriers.
Sprint Nextel confirmed that it will offer the next version of Apple Inc’s iPhone, ending months of speculation about whether it would become the third U.S. carrier to sell the popular device.
But the No. 3 U.S. mobile provider would not say whether its iPhone would come with a flat-fee service for unlimited data use – an offering analysts see as Sprint’s only hope for making its iPhone more competitive than rivals.
While selling the device should help Sprint keep subscribers from fleeing to other operators, some analysts worried whether the costs would outweigh the benefits because Apple phones come at a steep premium to other devices.
This is a huge gamble for Sprint and people are justifiably worried that they won’t be able to make any money doing it. It’s not a company that’s in great financial shape right now,” said Stifel Nicolaus analyst Chris King.
Analysts questioned how Sprint will be able to find the money to pay a premium to Apple on top of its obligations to pay back billions of dollars in debt and its plan to spend about $5 billion on an network upgrade in coming years.
Verizon Wireless, the biggest U.S. mobile operator, has taken a legal stand against Apple Inc’s request to prohibit the sale of some Samsung Electronics models in the United States.
“The requested injunction of certain Samsung products will harm Verizon Wireless and U.S. consumers,” Verizon said in a court filing dated September 23.
“It also has the possibility of slowing the deployment of next-generation networks — such as Verizon Wireless’s — contrary to the stated goals of the U.S. government,” it said.
Verizon Wireless is a joint venture of Verizon Communications Inc and Vodafone Plc.
Sprint will be the first U.S. mobile carrier to offer Samsung’s Galaxy S II, starting Sept. 16, but T-Mobile and AT&T said Tuesday they also will sell the phone.
A follow-on to the popular Galaxy S, the phone will be the thinnest available at all three operators.
The largest mobile carrier in the U.S., Verizon Wireless, notably has decided not to sell the phone. Verizon recently said it already has an extensive portfolio of Android phones and so would not offer the Galaxy S II.
All models of the Galaxy S II will work on the 4G networks of the respective operators and will run Android 2.3, or Gingerbread. The phone will have a 4.3-inch Super Amoled Plus display, which uses technology developed by Samsung. It will have an 8-megapixel rear camera, plus a 2-megapixel front-facing camera for video conferencing.